Mozilla Blocks Microsoft’s insecure .Net add-ons
gaurav bagdi
" Gaurav Bagdi is a 22 year old part time Blogger, Technical writer. Interested in day to day evolution in the field of technology. He’s the editor of Webketu - Technology Evolves. and owner of NetKetu. You can also catch him on twitter.”
Mozilla on Friday disabled a Microsoft plug-in for Firefox called the .Net Framework Assistant because of a security problem–then scrambled to give people with patched systems an override option.
I don’t find it strange if you use FireFox,you may have already seen a pop-up from your browser alerting you that it is blocking the Microsoft .NET Framework Assistant and Windows Presentation Foundation add-ons.
Mozilla late Friday blocked the Microsoft-made software that had put Firefox users at risk from attack.
The two-part Microsoft component — an add-on dubbed “.NET Framework Assistant” and a plug-in named “Windows Presentation Foundation” — have been blocked by Mozilla as a precautionary measure, said Mike Shaver, the company’s head of engineering.
“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plug-in for all users via our blocklisting mechanism,” Shaver said in an announcement posted Friday night to the company’s .
Microsoft’s initial response — that the add-on could be removed by editing the Windows registry — drew criticism because editing the registry is potentially dangerous affair for newbie users. In response, Microsoft later shipped a simpler, point-and-click way to remove the thing. Still, the removal tool still left behind the Windows Presentation Foundation plug-in.
Fast forward to earlier this month, when Microsoft issued a record number of security updates. Among those was a fix for what Microsoft called a “browse-and-get-owned” vulnerability in Internet Explorer, meaning all that is needed is for a user to be lured to a malicious website. Nothing particularly new there, except that this one could also be exploited through Firefox, via the Windows Presentation Plug-in.
Like
.
.
.
.